Fortinet FortiSIEM offers robust features like automation, real-time monitoring, and scalable log correlation. It integrates SOC and NOC, enhancing security by seamlessly managing data. A preferred choice for threat management, its comprehensive reports and competitive pricing add value.

| Product | Mindshare (%) |
|---|---|
| Fortinet FortiSIEM | 2.3% |
| Splunk Enterprise Security | 7.3% |
| IBM Security QRadar | 5.3% |
| Other | 85.1% |

| Company Size | Count |
|---|---|
| Small Business | 30 |
| Midsize Enterprise | 21 |
| Large Enterprise | 14 |

| Company Size | Count |
|---|---|
| Small Business | 337 |
| Midsize Enterprise | 186 |
| Large Enterprise | 266 |
Fortinet FortiSIEM serves as a comprehensive platform for security monitoring, threat detection, and incident management. It streamlines operations by integrating seamlessly with Fortinet and third-party tools, offering dynamic service discovery and user-friendly analytics. Leveraging its stable infrastructure, organizations conduct log analysis and behavioral monitoring across networks and applications. It supports compliance reporting and enhances security environments through integration with firewalls and security devices. Its cloud and on-premise options cater to regulatory and operational needs, while multitenant capabilities enable managed security service providers to extend robust security services. Users have highlighted areas for improvement in API integration, data retrieval speed, resource consumption, automation, and reporting flexibility.
In healthcare, Fortinet FortiSIEM ensures compliance and secure health data management. Financial institutions utilize it for real-time monitoring and fraud detection, while educational institutions deploy it for network security and data integrity. Service providers leverage its multitenant features for expansive client management.
Fortinet FortiSIEM was previously known as FortiSIEM, AccelOps.
FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
| Author info | Rating | Review Summary |
|---|---|---|
| Network Engineer at Ogma Consulting | 3.5 | I primarily use Fortinet FortiSIEM for security monitoring in government offices. It effectively handles compliance with over three thousand pre-built rules, although its incident management and FortiAI search functionality could be improved for better results and ease of use. |
| IT Solutions Product Manager at a computer software company with 11-50 employees | 4.0 | We utilize FortiSIEM to detect cyber threats, benefiting from its MITRE ATT&CK integration for effective threat mapping. Improvements are needed in resource consumption and alert latency. While its licensing model is evolving, LogRhythm and QRadar are notable competitors. |
| Network Engineer at Laminar Communications Pty Ltd | 4.0 | I primarily use Fortinet FortiSIEM for systems monitoring and alerting in medium-sized enterprises. Its valuable features include firewall monitoring and intrusion detection, but its APIs need improvement for better integration. Customers find value in their investment. |
| SIEM MANAGER at a comms service provider with 1,001-5,000 employees | 3.5 | I use Fortinet FortiSIEM for configuring rules and threat hunting. Its analytics and integration capabilities are valuable, though the alert customization could improve. Compared to ArcSight, it supports broader technologies and offers powerful, consistent analytics. |
| senior technical administrator at Ogma Consulting | 4.0 | I primarily use FortiSIEM for network monitoring, as it allows me to view all incidents and events on a single pane. I find its event-management feature valuable, though integrating solutions directly could eliminate the need for additional tools. |
| Senior Network Associate at AMCON, Inc. | 4.5 | I use FortiSIEM to manage network devices, receiving real-time incident reports and detailed user action insights. Although reporting could be more intuitive, it’s a cost-effective alternative to Check Point, addressing both support and budget concerns. |
| Security Manager at Banco Lopez de Haro | 4.0 | I use Fortinet FortiSIEM to audit my servers and communications, effectively detecting vulnerabilities and correlating logs to identify security issues and anomalies. It also helps in spotting new technologies and threats. Deployment was time-consuming compared to SolarWinds tools. |
| Technical Consultant at Vertex Techno Solutions (B) Pvt Ltd | 4.0 | I use Fortinet FortiSIEM in our SOC to collect and analyze logs, benefiting from its integration with Cisco and Aruba devices. However, integrating with non-Fortinet technologies is complex, and support response time needs improvement despite 24/7 availability. |
| Network administrator at a manufacturing company with 51-200 employees | 3.5 | I use Fortinet FortiSIEM in a Tunisian university to prevent network attacks. It provides real-time incident detection and alerts, which are invaluable. However, I wish it would automatically respond to threats without needing manual rule creation. |
| Associate Solution Engineer at LogPoint | 4.0 | I use Fortinet FortiSIEM to enhance security by providing real-time threat detection, compliance reporting, and network visibility. It excels in auto-discovery and user behavior analytics but could improve its custom normalizer and search functionalities for better usability and performance. |
Mainly, we are configuring various correlation rules in FortiSIEM to detect various types of cyber threats and cybersecurity attacks, particularly brute force attacks, denial of service attacks, and distributed denial of service attacks. We are using it to identify suspicious activities by internal staff as well as outsiders, for any type of intrusion.
The most fascinating aspect of FortiSIEM is its integration with the MITRE ATT&CK framework. It maps threat vectors and IOCs on the MITRE framework to identify the kind and magnitude of a threat and the techniques used. This allows us to take requisite measures using the SOAR solution or by involving our team of SOC analysts and incident responders.
FortiSIEM is a bit resource-hungry, so work should be done on hardware resource utilization to consume less hardware. Another major problem is its licensing model, which initially required separate licenses for devices, agents, and EPS.
Recently, they revised it to a subscription-based, all-inclusive license. There is also some latency observed in generating correlation alerts, which should be improved for quicker responses.
We have been using it for almost one year.
FortiSIEM is a reliable product. Multiple times, the server abruptly shut down, but no critical or major issues were observed after power outages. It stabilizes itself in an appropriate time, so its uptime is good.
FortiSIEM is a scalable model. At any point in time, when network devices increase or there is a change in the infrastructure, we can add more workers and collectors to expand our infrastructure setup.
Technical support in my city, specifically in Islamabad or Rawalpindi, is decent. I would rate it seven out of ten.
Local tech support is available, however, for more critical or technical issues, we depend on the OEM directly, especially when it comes to on-prem solutions.
Neutral
The initial installation requires some tech knowledge. You should have prior understanding of modules, collectors, workers, supervisors, and databases. However, after installation, it's really easy to operate.
Fortinet FortiSIEM is high-priced. Previously, its licensing model required separate licenses for devices, agents, and EPS, which was quite rigid. The revised model is subscription-based and more flexible.
Compared to FortiSIEM, LogRhythm is a good competitor. QRadar is also a nice product, working equally well in our region.
I would rate FortiSIEM eight out of ten. It's a nice product and is used by major governmental infrastructures and organizations. I would definitely recommend it to other users.

My primary use case for Fortinet FortiSIEM is systems monitoring and alerting. I use it for standard functions like log monitoring, incident detection, and notification.
My customers are mostly medium-sized enterprises, ranging from engineering companies, mining companies, and independent schools to government departments and agencies.
Fortinet FortiSIEM is valuable mainly for its features around firewall monitoring, intrusion detection, and authentication. It provides extensive logging and record-keeping for internal networks, cloud applications, and services as well as perimeter physical network security. Compliance management capabilities, although limited, are utilized by mature customers for reporting.
The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products. Improving software stability and reducing bugs will make it a better tool for future use. Enhancing the completeness of its APIs could aid in better external integrations.
I have used Fortinet FortiSIEM for three and a half years to nearly four years.
The product has some instability and bugs, which are not service-stopping but may cause unusual errors and user interface issues. I regularly work with Fortinet support to address these issues.
Fortinet FortiSIEM is highly scalable. I would rate its scalability nine out of ten.
The customer support from Fortinet is good. There is a knowledgeable, though small, team of support engineers around the world. I have come to know them all by name.
Positive
From a new user's perspective, setting up Fortinet FortiSIEM could be rated as a five or six out of ten. However, with my four years of experience, I would rate the setup an eight out of ten.
Many of my customers are happy and have provided positive reviews about their experiences. They continue to pay for services and see value in the investment.
As a service, the cost is reasonable and affordable with scalable pricing based on the number of monitored devices. However, setting it up for oneself as an enterprise-licensed product can be quite expensive.
If you want to set it up yourself, seek expert support before starting. If considering a service, contact Fortinet for a recommended service provider in the FortiSIEM space.
I'd rate the solution eight out of ten.

We use this technology to configure and set up rules and conduct threat hunting.
Connecting all supported security technologies, such as firewalls from Palo Alto, Fortinet, and Check Point, is crucial. The platform needs to recognize logs coming from sources like Syslog. You might integrate an IPS or WAF for use cases like phishing. Whether on-premise or in the cloud, AD is especially important for providing context and supporting specific use cases. If FortiSIEM doesn't natively support a particular technology or cannot parse certain security logs, you can configure a custom parser to interpret those logs effectively.
It is used in analytics, providing powerful tools to obtain specific information. For instance, if you detect a potential OS DDoS attack, you can quickly search for detailed information about that threat. With features like threat hunting, you can query specific IP addresses and access extensive data.
Additionally, FortiSIEM allows you to match IPs with threat intelligence feeds from sources like Kaspersky or Anomali, adding valuable context. The platform also simplifies rule configuration, making setting up rules for specific use cases easy and highlighting its effectiveness as a robust security solution.
When an alert triggers in Fortinet FortiSIEM, the layout or format can feel limited; the template you configure for alerts offers only a few specific fields, which can be restrictive. It would be much better if the technology supported more fields or allowed for greater customization, making it more versatile for managers to tailor alerts according to their specific use cases. This limitation is a weakness of the platform.
I have been using Fortinet FortiSIEM as a partner for two years.
600 users are using this solution.
To effectively plan for the future, it's important to anticipate how much the organization will grow. Considering Fortinet's MSSP model, you need to estimate how many clients you'll acquire and how much your client base might expand. For a single organization, it's crucial to understand how many users you'll be adding during that period to ensure the system can scale accordingly.
Support responds very slowly.
Neutral
I have used ArcSight. Fortinet stands out because it supports a broader range of technologies, allowing for greater integration within a system. Another key advantage is its robust analytics, making it easier to obtain specific information consistently.
The initial setup is easy. If you want to deploy FortiSIEM on-premise, you need to purchase a specific appliance or install it on your hardware. I have deployed FortiSIEM both on-premise and in the cloud, managing both environments effectively.
Deployment depends on the architecture since FortiSIEM uses various components, such as the supervisor, event collector, and worker. It can be set up in just one day if you're deploying it as an all-in-one solution.
I did the deployment alone.
Pricing is moderate.
Maintenance depends on the number of log sources configured and the overall architecture. The system's load must be considered to monitor all components and handle upgrades or fix specific features. Managing the system typically requires just a couple of people for an all-in-one deployment with around ten to twenty log sources.
Overall, I rate the solution a seven out of ten.

FortiSIEM is primarily used as a monitoring tool that can monitor all the incidents and events occurring in the network. The main concern of the customer is to view all the events and incidents on a single pane where everything can be managed.
FortiSIEM is very efficient and helps discover all the points of incidents, identifying users that create loopholes in the network and determining potential points of contact.
The most valuable feature is the ability to view all the network events on a single pane and find the point of contact or point of the incident. Along with FortiSIEM, a solution can be provided, which is a feature I admire.
There could be improvements like introducing some solutions directly into FortiSIEM to avoid the need for separately purchasing additional tools like FortiStore.
I have approximately one year of experience working with FortiSIEM.
I rate the stability of the solution as nine out of ten.
The scalability of the solution is rated eight out of ten.
I rate the technical support provided by Fortinet as nine out of ten.
Positive
The initial setup can vary from being easy to moderate depending on the network size. If the network is small, it might be easy. That said, if it's semi-small or semi-large, it's a moderate setup.
The pricing of FortiSIEM is moderate; it is neither very costly nor very cheap.
I can recommend FortiSIEM, but it depends on customer needs, network size, and preferences. Customers can also consider replacing a physical SOC team with FortiSIEM.
I'd rate the solution eight out of ten.
We're using it to manage devices on the network. We get real-time incident reports on changes done on the servers and changes on routers and switches. They also use it to provide reports to management on activities, incidents, and events.
I like the reporting model, where you have drill-down capabilities into user actions on the network.
I also like CMDB. The CMDB captures devices as long as they have SNMP enabled. It captures the information for me.
Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information.
When you're generating a report on the report line, sometimes it is very important to understand the criteria for creating the database to get the report you want. If FortiSIEM can improve on that, the user is looking for specific information, and it comes by. You don't need a technical person to generate a report. It's a bit difficult for you to generate it without drilling down. You need to keep clicking, and narrowing down your search to get what you want.
If there will be some level of info, I like the reporting on FortiAnalyzer because one can see the number of people consuming bandwidth on the network, who the top users are, at the critical button you specified, and how long the duration is. FortiSIEM is not as easy.
I have been using it for three years. I currently use version 6.3.
It is a stable solution. So far, it's been relatively stable. The current version we're using will expire in 2024, so we're planning to upgrade to the next version soon. We're also considering moving to the cloud, which may impact stability, but we'll have to see how that goes.
It is a scalable solution in an on-prem environment. We will be testing the scalability when we migrate to the cloud.
We have between 300 and 400 users. There are three administrators on the system who manage devices for 25 EPS and close to 100 EPS. We are only licensed for 200 EPS, but we have plans to increase the number of users.
The customer service and support have been helpful. We log the case, they come back to us, and then we resolve it.
We were using Check Point before we migrated to FortiSIEM. We used Check Point for about ten years before we moved to FortiGate.
So, we switched to Fortinet from Check Point. There were two main reasons. First, we weren't getting the support we needed from Check Point. Second, the cost of renewing support for our end-of-life devices was too high. We had a limited budget, so we looked for a solution that could give us the same features and capacity as Check Point at a more competitive price. We opted for FortiSIEM because it met both of our requirements.
The initial setup was straightforward because Fortinet had already provisioned the appliance. We added it to our VM and finished up by configuring the key. The only bit where there was a bit of a problem was when we started because it was supposed to be a three-in-one appliance, but we noticed that we needed to separate the collector in a different location. Otherwise, it's a straightforward process.
My understanding of a three-in-one appliance is that both the collector and the other components have to be in the same box. However, there was certain information that we were not getting, and I understand that this was changed in the 6.3 version, where the collector is separate.
This makes it easier to use agentless apps, because with agentless apps, the information is now sent back to the collector if it is separate from the other components. So, we now have to start making changes to the Kapolei collector with storage and all that. I think it's still pretty straightforward though.
We used a consultant for the deployment because it was a new product, and we wanted to ensure that it was done correctly. However, it is possible to deploy Fortinet FortiSIEM in-house by following the deployment guide.
The deployment of Fortinet FortiSIEM took one week, excluding the time it took to acquire the necessary servers and virtual machines.
The first step was to purchase the necessary servers and virtual machines. We also needed to upgrade our VM version from 5 to 7.X. Once we had all of the necessary hardware and software in place, we were able to begin the deployment process.
We have five managers overseeing IT, internal control, and corporate. The staffing needs depend on their specific roles. The ID team provides the necessary support to ensure the application runs smoothly. Control users are in place to ensure that changes are made with proper information, and any alterations require approval. For these tasks, we have approximately five admins managing the process.
We pay for a license for FortiSIEM. We pay for the license and renewal.
It is expensive. The initial cost was almost prohibitive, but we went with it because it was a recommendation from our recruiters. Otherwise, we probably wouldn't have done it because it was expensive.
Overall, I would rate the solution a nine out of ten. It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely. I've been using FortiSIEM for about two years and FortiGate for about ten years, and I would recommend FortiSIEM to people who are interested in running next-generation firewalls.
Fortinet FortiSIEM is used to audit my servers and communications. It effectively handles vulnerability detection and correlates traffic to identify security issues or anomalies. It is also used to correlate my logs, which helps detect outliers and identify unusual events in my network.
It detects new technologies, vulnerabilities, and emerging threats on the internet.
I have been using Fortinet FortiSIEM for four years.
500 users are using this solution.
The product could benefit from more local support. There is an opportunity to improve the support for products like Deepgram and FortiSIEM.
Positive
The deployment of the platform took some time to set up and configure. I have experience using SolarWinds and its tools.
The initial setup is very easy and takes four months to complete. They need to focus on this because the provider did much of the configuration rather than them doing it directly. The support we receive helps us improve in comparison to using this platform alone.
I rate the initial setup an eight out of ten, where one is difficult, and ten is easy.
Our provider does the deployment and maintenance.
It has a good price and is more competitive than the others.
If the protection and monitoring make my network safer by detecting outliers and events, I can report these findings to my manager. They need to be aware of live events affecting the company.
Overall, I rate the solution an eight out of ten.

I normally use the solution in my company as part of SOC. The tool is implemented to collect logs from all networks, perimeter devices, and security devices. We are using all kinds of SIEM tools to collect logs, especially security logs from all network devices, and analyze all those logs. Fortinet FortiSIEM works for enterprise and banking customers and BFSI customers, as most of them use Fortinet FortiGate devices for the security of the perimeter devices.
The most valuable feature of the solution is its integration with other technologies, especially its ability to collect logs from Cisco and Aruba devices along with Fortinet products. The tool has an endless number of templates, so based on a customer's use case, we can choose the templates, create the report as per compliance, and submit it to management for higher visibility.
With Fortinet's current integrations with endpoints and with the integration capabilities of EDR and XDR solutions from Fortinet itself, when we are trying to integrate them with other technologies or other OEMs like CrowdStrike or SentinelOne, the integration part is very complex. It takes a lot of time to take care of the implementations. When we integrated Fortinet FortiSIEM with external threat intelligence, like CyberArk or ThreatConnect, the integration seemed to be tough. If Fortinet FortiSIEM could create some use cases or some templates with all its listed competitors or technology partners, then a customer would be able to integrate all those technologies easily.
The tool's technical team's response time is too high, and they are not available even when they know that there are many pending issues. Even though the tool offers twenty-four hours and seven days of support, we might not get the right engineer on time.
I have been using Fortinet FortiSIEM for more than ten years. I am an integrator of the solution. I use Fortinet FortiSIEM 7.0.0.
From the application perspective, yeah, I think it is a stable tool most of the time, but we have met some issues with the database sometimes. Stability-wise, I rate the solution a nine out of ten.
It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten.
I think around ten customers of my company use the tool.
My customers are medium and enterprise-sized businesses.
The solution's technical support has been a nightmare. I rate the technical support a four or five out of ten.
Neutral
If one is difficult and ten is easy to set up, I rate the product's initial setup phase a nine out of ten. It is not very complicated, but a tech person who has the expertise to install, scale, and implement all these features would be required to implement the tool.
The product's installation model depends on the company's compliance and IT policies. Most customers prefer implementing an on-premises model. When considering commercial and upfront investment, customers are ready to go for cloud solutions as well. But in my experience, most customers prefer to implement an on-premises model.
The time required to deploy the solution depends on how big your network is currently. It might take two days to up to two weeks, so that is the normal project implementation time. It is always based on how big our network is and how we know our network. If customers have good visibility and understanding of their network, good access, and all the authentication paths, the integration will be much easier. In some cases, it might take more than two weeks. On average, I think it will take one to two weeks to complete installation.
The deployment of the tool is always for the SOC part of a company. It is used for real-time network analytics.
For the deployment, we discuss all the requests or use cases with the customer and understand their network topology. Most of the time, we access their platform for installation, and so we deal with virtualization platforms, like VMware ESXi, and based on that, we will download the SIEM pack from Fortinet. Once the installation has been completed, we try to find all the devices in the network that we need to monitor so we can enable all those processes. It is the normal deployment procedure we are following for implementation. Once the primary implementation has been completed based on customer use cases or complaints, we might create those dashboards and templates for reporting.
If one is cheap and ten is expensive, I rate the tool's price as an eight out of ten. Compared with Splunk or Oracle, Fortinet is cheap.
For threat detection, some AI-based analytics tools are there, and it is one of the latest features in the product. The AI helps mitigate threats.
In terms of the tool's ability to streamline customer security workflow, the product normally searches events in real-time, so customers will get alerts of the event in real-time. Compared to other products like Splunk or Oracle, I think Fortinet FortiSIEM is more reliable in real-time.
If there is proper support and better technical capabilities, it can become a good solution.
I rate the tool an eight out of ten.
I use the solution in my company for our client, which is a big university in Tunisia, and they have many servers and virtual machines. The university has to prevent attacks by making sure that they can stop the attack at the beginning. Fortinet is good for knowing if any of the equipment in the network has been attacked like ransomware or something, and we can stop the attack and secure the network.
The tool's most valuable feature stems from the fact that I can see a complete analysis, like all the incidents that have happened, and it detects everything in real-time. It lets you know of the attack in real-time. The tool sends alerts and reports, so I think it is a useful tool.
There is a port in Fortinet FortiSIEM. If something happens, you have to enter events and create a rule to stop the attack, which I think needs to be made automatic. If any incident occurs, I hope that Fortinet FortiSIEM does the work automatically without the intervention of a human or an IT admin.
I don't want to create a rule to stop an attack. Lately, many people have been trying to access the VPN, and they are not even registered with our firewall. The team detects issues but doesn't do anything. I have to create a rule to include the addresses and details of the people who want to access the VPN in the block list, but I want the tool to do all this without me.
I have been using Fortinet FortiSIEM for two months. My company has a partnership with the solution.
It is a stable solution.
The tool is scalable enough to do what you really want.
My clients run big businesses.
The solution's technical support didn't help our company a lot. When it came to Fortinet FortiSIEM, we added the devices, and started making rules, but when we asked a question to the tool's support team, it took them a long time to answer. I rate the technical support a five out of ten.
Neutral
At the beginning, the product's initial setup phase was complex. Lately, since I have started to understand the tool, the setup phase has become easy.
The solution is deployed on an on-premises model with VMs in a local data center.
The solution can be deployed in four days. One day is for installing the VMs, one day is for understanding the tool's dashboard and its rules, one day is for installing the agents and adding the equipment, and one day is for seeing what the clients want exactly.
The tool is really expensive. For what the tool does for our team, the price is fair.
As my company did not fully complete everything, the installation is not stable 100 percent.
In terms of Fortinet FortiSIEM's uptime and system stability, the tool can do detection in real-time. I think it is available for users all the time.
Those who have many servers and equipment can use SIEM so they can manage. It helps a person to see what equipment has incidents and how to prevent an attack before it happens. You can't manage much equipment, like 15 VMs or servers, by yourself. You need solutions to do that and give you alerts if anything happens.
As the product is not automated enough, I rate the tool a seven out of ten.

The primary use case of FortiSIEM for my client is to provide comprehensive security information and event management (SIEM) capabilities. It is used to monitor, detect, and respond to security incidents across the client's network by aggregating and analyzing logs, events, and other data from various sources. FortiSIEM enables real-time threat detection, compliance reporting, and overall visibility into the security posture, helping to identify potential risks and take proactive measures to protect the organization's infrastructure.
Fortinet FortiSIEM has positively impacted my client's organization by enhancing their ability to monitor security incidents in real time. The solution has provided comprehensive visibility into the network, allowing for quicker identification of potential threats. FortiSIEM's integration with various systems to collect different types of logs and its ability to correlate data from multiple sources have been particularly valuable in reducing the time spent on manual analysis and increasing overall security efficiency.
The most valuable feature is auto-discovery. When you send logs from various devices to FortiSIEM, it automatically detects and maps all devices across the network, providing a comprehensive and up-to-date inventory of the IT environment.
Its agent-based UEBA enhances security monitoring by utilizing agents installed on endpoints to collect detailed user activity data. It offers deeper insights into user behaviors, improving anomaly detection accuracy.
Its out-of-the-box compliance reporting features significantly ease the burden of regulatory compliance for organizations by offering pre-built report templates aligned with industry standards. Automated report generation minimizes manual effort and reduces the risk of errors, while customizable reporting allows organizations to tailor reports to specific needs.
One area where FortiSIEM could improve is in its custom normalizer/parser capabilities. While FortiSIEM offers powerful event correlation and log analysis features, creating and customizing normalizers can be complex and time-consuming.
Improving the user interface for building custom normalizers, along with providing more intuitive tools or templates, would make it easier for security teams to tailor the solution to specific needs. Enhancements in this area would enable quicker adaptation to unique log formats and data sources, allowing for more accurate event parsing and better overall performance in diverse environments.
Additionally, the search functionality could be less confusing. Streamlining the search experience and providing clearer guidance or examples would help users quickly find the information they need, ultimately improving the overall usability of the platform. These enhancements would facilitate quicker adaptation to unique log formats and more efficient event analysis, leading to better performance in diverse environments.
I have used the solution for two years.
I rate the solution's stability a seven point five out of ten.
Regarding scalability, it's better for vertical and horizontal scale-up, but expanding log sources isn't very easy due to the licensing model.
The support team was great, technically proficient, and helped with numerous bugs.
Positive
The installation and setup can be tough, requiring planning for hardware segregation and log volume. However, the installation isn't too difficult if you have clear requirements.
For those interested in using Fortinet FortiSIEM, I'd advise planning your hardware specifications and considering backup and archives to prevent log loss. It's worth the money for what they've developed.
It's difficult for beginners to learn, mainly because of Fortinet FortiSIEM's specific queries and the lack of a user-friendly environment. Understanding these queries to find your desired logs can be challenging for newcomers.
I'd rate Fortinet FortiSIEM an eight out of ten because it's powerful and simple.